From 973b0a0016f4eea8c5dc7b94afc52b2a63930c6d Mon Sep 17 00:00:00 2001 From: davida-ps <232346510+davida-ps@users.noreply.github.com> Date: Thu, 5 Feb 2026 21:19:17 +0000 Subject: [PATCH] chore: CVE advisories - 0 new, 1 updated Automated update from NVD CVE feed. Keywords: OpenClaw clawdbot Moltbot Poll window: 2025-10-08T21:18:58.000Z to 2026-02-05T21:18:58.000Z --- advisories/feed.json | 4 ++-- skills/clawsec-feed/advisories/feed.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/advisories/feed.json b/advisories/feed.json index b24b16f..59e0d99 100644 --- a/advisories/feed.json +++ b/advisories/feed.json @@ -1,6 +1,6 @@ { "version": "0.0.2", - "updated": "2026-02-05T12:53:37Z", + "updated": "2026-02-05T21:19:17Z", "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.", "advisories": [ { @@ -58,7 +58,7 @@ "severity": "high", "type": "vulnerable_skill", "title": "OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026....", - "description": "OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw's Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.", + "description": "OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.", "affected": [], "action": "Review and update affected components. See NVD for remediation details.", "published": "2026-02-02T23:16:08.593", diff --git a/skills/clawsec-feed/advisories/feed.json b/skills/clawsec-feed/advisories/feed.json index b24b16f..59e0d99 100644 --- a/skills/clawsec-feed/advisories/feed.json +++ b/skills/clawsec-feed/advisories/feed.json @@ -1,6 +1,6 @@ { "version": "0.0.2", - "updated": "2026-02-05T12:53:37Z", + "updated": "2026-02-05T21:19:17Z", "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.", "advisories": [ { @@ -58,7 +58,7 @@ "severity": "high", "type": "vulnerable_skill", "title": "OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026....", - "description": "OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw's Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.", + "description": "OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.", "affected": [], "action": "Review and update affected components. See NVD for remediation details.", "published": "2026-02-02T23:16:08.593",